Email scams such as phishing (pronounced “fishing”) continue to be a persistent threat affecting almost all aspects of our personal and business lives.
Phishing is a scam in which someone uses various techniques to get you to reveal personal or confidential information, such as login credentials or banking information, that can then be used to commit multiple crimes.
While the frequency of these attacks remains on the rise, there are several basic steps you can take to help identify and stop these attacks.
Probably the easiest way to identify a fake email is to check whether the sender’s name and email address match. For example, a sender of email@example.com or firstname.lastname@example.org might show an email address of email@example.com – this would be considered a significant red flag. Also, be on the lookout for subtle spelling differences such as micros0ft.com, where the letter O is replaced with the number 0.
Urgent call to action
These will often appear to come from an executive, perhaps the CEO. Typical examples would be an unusual request to contact them immediately for a special project or other “urgent” tasks.
Suspicious links or attachments
When presented with an unusual link, simply hover your mouse (don’t click!) over the link. If you notice that hovering over the link text of https://www.company.com/file.pdf shows an address like http://www.fakename.com or http://192.168.0.1, this should be considered a red flag.
Spelling and grammar
If the email contains obvious spelling and grammatical errors, this can be the result of the text having been translated from a foreign language. Also, if the tone and manner don’t match the usual pattern of a known sender, beware.
When in doubt, just delete – don’t click/open/reply
If you are suspicious of an email, don’t reply – delete it, and don’t open any attachments or links. You can always contact the purported sender via alternative means such as a phone call or text message to verify the email was legitimate. Don’t reply to the email!